nixos-config/hosts/buildbox/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').

{
  config,
  pkgs,
  pkgs-unstable,
  inputs,
  configPath,
  hostname,
  hostTypes,
  lib,
  ...
}:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      inputs.home-manager.nixosModules.default
    ];

  # Bootloader.
  boot.loader.grub.enable = lib.mkDefault true;
  boot.loader.grub.devices = [ "nodev" ];

  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Nix optimizations
  nix.optimise.automatic = true;
  nix.settings.auto-optimise-store = true;
  nix.gc = {
    automatic = true;
    dates = "weekly";
    persistent = true;
    options = "--delete-older-than 30d";
  };

  networking.hostName = "buildbox"; # Define your hostname.

  # Enable networking
  networking.networkmanager.enable = true;

  virtualisation.docker.enable = true;

  # zram
  zramSwap = {
    enable = true;
    priority = 100;
    memoryPercent = 30;
    swapDevices = 1;
    algorithm = "zstd";
  };

  # Set your time zone.
  time.timeZone = "America/Los_Angeles";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Disable X11 for servers
  services.xserver.enable = false;

  services.tailscale.enable = true;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = false;

  # Enable sound with pipewire.
  # hardware.pulseaudio.enable = false;
  #hardware.pulseaudio = {
  #  enable = true;
  #  package = pkgs.pulseaudioFull;
  #};

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;
  
  # VSCode-Server
  programs.nix-ld.enable = true;

  programs.nix-ld.libraries = with pkgs; [
    stdenv.cc.cc.lib
    zlib
    glib
    libGL
    libGLU
    openssl
  ];

  # Define a user account. Don't forget to set a password with ‘passwd’.
   programs.zsh.enable = true;   
   users.users.rogueking = {
    isNormalUser = true;
    description = "rogueking";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    shell = pkgs.zsh;
    packages = with pkgs; [];
  };

  users.users.cris = {
    isNormalUser = true;
    description = "cris";
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    shell = pkgs.zsh;
    packages = with pkgs; [];
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  security.polkit.enable = true;
  programs._1password.enable = true;
  programs._1password-gui = {
    enable = true;
    polkitPolicyOwners = [ "rogueking" ];
  };

  # Enable OpenSSH daemon
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = true;
      AllowUsers = [ "rogueking" "cris"]; 
      UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "no";
      MaxAuthTries = 8;  
    };
  };

  users.users."rogueking".openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXqriPZVIuduc/J7GS1mD171LL0gIbgEjlImsxedWVX"
  ];

  users.users."cris".openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlF9KmjGDL1/KX2YDAZe4E5rd0qMtrirEbFnE3CKmS+"
  ];

  nixpkgs.config.permittedInsecurePackages = [
        "qtwebengine-5.15.19"
    "python3.12-ecdsa-0.19.1"
  ];

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    # System-level only — CLI tools moved to home-manager
  ];

  home-manager = {
    extraSpecialArgs = {
      inherit
        configPath
        inputs
        pkgs-unstable
        hostname
        hostTypes
        ;
    };
    users = {
      "rogueking" = import ./../../home-manager/home.nix;
      "cris" = import ./../../home-manager/cris-home.nix;
    };
    backupFileExtension = "backup";
  };

  system.stateVersion = "25.11";
}